Exposed Source Code

Introduction

Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.

Where to find

-

How to exploit

Exposed Git folder

https://site.com/.git

Tools to dump .git

https://github.com/arthaud/git-dumper

Exposed Subversion folder

https://site.com/.svn

Tools to dump .svn

https://github.com/anantshri/svn-extractor

Exposed Mercurial folder

https://site.com/.hg

Tools to dump .hg

https://github.com/arthaud/hg-dumper

Exposed Bazaar folder

http://target.com/.bzr

Tools to dump .bzr

https://github.com/shpik-kr/bzr_dumper

Exposed Darcs folder

http://target.com/_darcs

Tools to dump _darcs (Not found)

Exposed Bitkeeper folder

http://target.com/Bitkeeper

Tools to dump BitKeeper (Not found)

Reference

NakanoSec (my own post)

PreviousDenial of Service NextHost Header Injection

Last updated 2 years ago

hashtagIntroduction

hashtagWhere to find

hashtagHow to exploit

hashtagReference

Introduction

Where to find

How to exploit

Reference